readpe: garbage in Date/time stamp output

[pali]

Describe the bug Date/time stamp: line from the readpe output contains garbage / invalid values.

For example:

    Date/time stamp:                 1682449479 (Sun, 24 Feb 39791743 13:21:11 UTC)

Despite that timestamp stored in PE binary is just 32-bit number, year 39791743 is behind 32-bit limit.

This happens for 64-bit builds of readpe.

To Reproduce Please provide us with:

• pev version - latest master b0e8df06de08284f8eaf5fa43f21df64bd3e04df
• OS version - Debian 10 64-bit
• The file(s) you've analysed with pev - simple return 0 compiled by gcc int main() { return 0; }
• The command you've used with the files, with all the flags - readpe a.exe

Expected behavior readpe prints timestamp correctly. Not year 39791743.

Screenshots

Additional context The issue is in timestamp processing. time_t type is 64-bit on 64-bit system but TimeDateStamp is always 32-bit. So casting TimeDateStamp pointer to time_t pointer cause reading garbage data.

Simple fix for this issue:

diff --git a/src/readpe.c b/src/readpe.c
index 84453c09d174..dc3750bcb887 100644
--- a/src/readpe.c
+++ b/src/readpe.c
@@ -679,7 +679,8 @@ static void print_coff_header(IMAGE_COFF_HEADER *header)
    output("Number of sections", s);

    char timestr[40] = "invalid";
-   struct tm *t = gmtime((time_t *) &header->TimeDateStamp);
+   time_t timestamp = header->TimeDateStamp;
+   struct tm *t = gmtime(&timestamp);
    if (t)
        strftime(timestr, sizeof(timestr), "%a, %d %b %Y %H:%M:%S UTC", t);
    snprintf(s, MAX_MSG, "%" PRIu32 " (%s)", header->TimeDateStamp, timestr);

[GoGoOtaku]

Interesting. My test executables were all from about 2021 which works fine. Thank you for your report/fix.